Sodinokibi Crypto Ransomware Switches from Bitcoin to Monero to Hide Money Trail

Published at: April 13, 2020

Sodinokibi, a strain of ransomware (malware that encrypts user data and asks for a ransom to restore access to it), has switched from Bitcoin (BTC) to Monero (XMR) to better protect the hackers’ identities.

According to an April 11 report by cybersecurity news outlet BleepingComputer, using Monero will make it harder for law enforcement to track ransom payments to the hackers behind Sodinokibi. As the article mentions, Europol strategy analyst Jerek Jakubcek explained during a February webinar how anoncoins influence legal investigations:

“Since the suspect used a combination of TOR and privacy coins, we could not trace the funds. We could not trace the IP addresses. Which means, we hit the end of the road. Whatever happened on the Bitcoin blockchain was visible and that’s why we were able to get reasonably far. But with Monero blockchain, that was the point where the investigation has ended. So this is a classical example of one of several cases we had where the suspect decided to move funds from Bitcoin or Ethereum to Monero.”

“BTC will be removed”

Per the report, the hackers behind the Sodinokibi ransomware announced their switch to Monero in a post on a hacker and malware forum. In the post, the cybercriminals explicitly stated that the switch was meant to make it harder for law enforcement to track the money. The announcement reads:

“In this regard, we inform you that after a while the BTC will be removed as a payment method. Victims need to begin to understand the new cryptocurrency, as well as other interested parties who work with us.”

In fact, the Sodinokibi payment website already pushes people away from paying with Bitcoin by setting the price in that currency 10% higher than the Monero price. Interestingly, the group also looks for partners who can get data access back for users at a discount so they can add a surcharge to it.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told Cointelegraph that the use of anoncoins for ransomware payments is less common than many would expect. He also noted that he would not be surprised if other ransomware groups followed suit:

“While there are some instances of demands being made in alternative currencies, this will be the first time that a major ransomware group has settled on a currency other than Bitcoin. Like other businesses, criminal enterprises adopt strategies that have been proven to work and, accordingly, if this switch proves successful for REvil, we’d expect to see other groups begin to experiment with demands in currencies other than bitcoin.”

Ransomware attacks are a growing threat

Many consider ransomware developed and distributed by well-organized cybercrime groups to be the biggest current cybersecurity threat. As Cointelegraph reported, a U.K.-based firm recently paid hackers almost $2.3 million in Bitcoin after being infected by the Sodinokibi ransomware.

Many are afraid that the current coronavirus pandemic will exacerbate the consequences of successful attacks on healthcare providers. In an attempt to alleviate the danger, Microsoft recently notified hospitals that are vulnerable to ransomware attacks.
